Finally, government open-sources Aarogya Setu: Here's what it means
In a major development, India's Ministry of Electronics and Information Technology (MeitY) has open-sourced Aarogya Setu, its contact-tracing app for COVID-19. The move from the government comes more than a month after the app's public release, giving a much-needed sigh of relief to experts who had been raising alarms over security and privacy issues in it. Here is what it means.
As part of the open-sourcing effort, NITI Aayog, the developer of Aarogya Setu, has published the source code of the app's Android version on Github. It will also release the code of the iOS and KaiOS versions, but it is slated to happen in a 'few weeks'. Notably, nearly 98% of Aarogya Setu's 11.4 crore users are registered on Android only.
By releasing the code of Aarogya Setu in the public domain, the government is opening the app for independent expert review and collaboration. Basically, technical experts and developer communities from around the world can inspect the code of the app to assess its inner working, like how it collects data to flag COVID-19 contacts, and suggest appropriate changes, improvements if necessary.
"Releasing the source code of a rapidly evolving product is challenging," MeitY said, while emphasizing it's a huge responsibility for the developer community, given that the repository shared is the production environment, which will be updated whenever a new version of the app goes live.
Ever since Aarogya Setu debuted, experts have been raising privacy concerns over the app, especially due to its use of location data to identify close contacts. Many, including Congress' Rahul Gandhi, suggested that it's a surveillance system designed to track citizens without consent. Now, open-sourcing the app would clarify what data it collects, where it goes, answering all major privacy-related questions for good.
"The open-source code base will increase the trust further, unlock the innovation potential, and invite many engineers, designers, epidemiologists and policy experts to participate to provide improvements and suggest applications way beyond our imaginations," said MIT Professor Ramesh Raskar after Aarogya Setu was open-sourced.
In addition to this, the Ministry has also announced a bug bounty program for Aarogya Setu. The initiative promises a reward of Rs. 1 lakh to all developers, engineers, and security researchers who either flag critical vulnerabilities, bugs, and loopholes in the app or suggest major code improvements. The details of the program will be shared on the MyGov website.
The #AarogyaSetuApp is now open source. Read the attached release documents to know more. pic.twitter.com/dubwKQTK0w
— Aarogya Setu (@SetuAarogya) May 26, 2020
The latest efforts by the government would contribute significantly towards boosting the user base of Aarogya Setu and better identifying and isolating COVID-19 contacts. The app, as mentioned earlier, has over 11.4 crore users, but the potential goes way beyond, given that there are 40-50 crore smartphone users and over 11 crore KaiOS-powered feature phone users in the country.
